Security News > 2022 > August > Week in review: Spot deep-faked job candidates, data exfiltration via bookmarks, Patch Tuesday forecast
Browser synchronization abuse: Bookmarks as a covert data exfiltration channelTwo universal and seemingly innocuous browser features - the ability to create bookmarks and browser synchronization - make users' lives easier, but may also allow hackers to establish a covert data exfiltration channel.
6 ways your cloud data security policies are slowing innovation - and how to avoid thatAs practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment.
VMware: Patch this critical vulnerability immediately!The security researcher who reported CVE-2022-31656 is planning to release a technical writeup and a POC "Soon".
MI-X: Open source project helps you understand whether you are exploitableIn this Help Net Security video, Ofri Ouzan, Security Researcher at Rezilion, talks about MI-X, an open source tool aimed at effectively determining whether a local host or a running container image is truly vulnerable to a specific vulnerability by accounting for all factors which affect actual exploitability.
Now is the time to focus on software supply chain security improvementsIn this Help Net Security video, Kevin Bocek, VP of Security Strategy and Threat Intelligence, Venafi, discusses how CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft, and customer damage that can result from successful software supply chain attacks.
Machine learning creates a new attack surface requiring specialized defensesIn this interview for Help Net Security, Christopher Sestito, CEO of HiddenLayer, talks about machine learning security considerations, and the related threats organizations should be worried about.
News URL
Related news
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |